Indicator

class trustar.models.indicator.Indicator(value, type=None, priority_level=None, correlation_count=None, whitelisted=None, weight=None, reason=None, first_seen=None, last_seen=None, sightings=None, source=None, notes=None, tags=None, enclave_ids=None)

Models an Indicator.

Variables:
  • value – The indicator value; e.g. “www.evil.com”
  • type – The type of indicator; e.g. “URL”
  • priority_level – The priority level of the indicator
  • correlation_count – The number of other indicators that are correlated with this indicator.
  • whitelisted – Whether the indicator is whitelisted or not.
  • weight – See Indicator for details.
  • reason – See Indicator for details.
  • first_seen – The first time this indicator was sighted
  • last_seen – The last time this indicator was sighted
  • sightings – The number of times this indicator has been sighted
  • source – The source that the indicator was observed from
  • notes – A string containing notes about the indicator
  • tags – A list containing Tag objects associated with the indicator
  • enclave_ids – A list of enclaves that the indicator is found in
  • TYPES – A list of all valid indicator types.

classmethod from_dict(indicator)

Create an indicator object from a dictionary.

Parameters: indicator – The dictionary.
Returns: The indicator object.

to_dict(remove_nones=False)

Creates a dictionary representation of the indicator.

Parameters: remove_nones – Whether None values should be filtered out of the dictionary. Defaults to False.
Returns: A dictionary representation of the indicator.